Tag: Application Protection Interface
API Vulnerability Data The sensor network that our partner Lorkya maintains found only 0.1% of attack traffic was definitively looking for API vulnerabilities. However, this is probably better attributed to the limitations of the sensor network than any trends about API attacks. Loryka’s sensors primarily detect wide-ranging probes and reconnaissance campaigns where attackers are looking…
Read MoreFrom tech giants and gamers to politicians and retailers, nobody is safe from today’s mutating threat landscape. 2019 was another frenzied maelstrom of cyberattacks, mitigations, pre-emptions and preventions, with the old (phishing and DDoS et al) rubbing havoc-wreaking shoulders with the new (new vistas in cyberwars, automation and AI). As ever, continuous pressure also begets…
Read MoreThere is no cease-fire in the continuing battle against malware. Qbot, a banking trojan malware active since 2008, is back in business with new functions and new stealth capabilities. In the past 12 years, this malware has gone by a handful of names, including Qakbot and Pinkslipbot. Despite all the variations and evolutions, Qbot’s main…
Read MoreThe Application Protection Research Series is an ongoing project at F5 Labs that provides an overarching view of the application security landscape. While detailed analyses of specific attacks are critical for defenders to adapt to emerging techniques, it is easy to overemphasize tactics over strategy if those kinds of analyses are the only thing we…
Read MoreThese kinds of incidents make it clear that the development teams behind these applications assumed that APIs were difficult to find. In all likelihood, they were prioritizing both application functionality and development speed over security. In other words, they “just had to get it to work.” This is a practical illustration of our thesis from…
Read MoreJWT brings performance to identity assertion and is being widely adopted, but it’s also garnering the attention of cybercriminals. Source link lol
Read MoreAPIs Power Applications—and Pose Security Challenges Application programming interfaces (APIs) form the chassis for modern applications. They are interfaces to software components that developers use to integrate valuable information into their applications (like Google Maps in a rideshare app or YouTube videos into a webpage) and they are everywhere—even in security products. APIs are key…
Read MoreIt’s that special time of year again! In perhaps the most festive of all end-of-the-year traditions, the cyber security community tries to predict the next big scary incident which will make headlines in the new year. At the risk of sounding cynical, building strategies to respond to cyber security threats are a bit like New…
Read MoreIntroduction gRPC (gRPC Remote Procedure Call) is a protocol that is gaining a lot of traction in the microservices world and is becoming a popular alternative for developers to use instead of REST (representational state transfer). Many organizations are trying to adopt gRPC, and technology blog sites are abuzz with chatter about choosing between REST…
Read MoreThe best practice document from Internet Engineering Task Force (IETF) recommends the use of an external user agent (such as a browser) to complete the flow in authorization flow code grant. When a native app wants to access private information, it needs to first get an authorization code. The native app starts its authorization request…
Read More